bitcoiner.social/docs/decisions.md

Architectural Decision Record

Servers are named after Pokemon because names should be cute, not descriptive.

DNS

DNS provider is Namecheap, for the following reasons:

  • DNS can be managed via dnscontrol
  • Invoices can be paid to Namecheap directly, with no intermediary, via their BTCPay Server instance

I also tried EasyDNS. Their DNS could be managed via OctoDNS, but I found that provider poorly supported, and while their invoices could be paid in Bitcoin, it was only through a third party.
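As an added example (not the bitcoiner.social repository's own dnscontrol config), the script below writes a minimal dnsconfig.js for a zone whose registrar and DNS host are both Namecheap, plus a creds.json template, and then syntax-checks it. The hostnames, the addresses (RFC 5737 / RFC 3849 documentation ranges), the mail host, the API user and the `_acme-challenge.mail` label are placeholders; the `IGNORE()` rule assumes a current dnscontrol release (older releases spell it `IGNORE_NAME()`).

```shell
#!/bin/sh
# Added example, not bitcoiner.social's own dnscontrol config.
# Writes dnsconfig.js + creds.json for a Namecheap-hosted zone and checks them.
# Hostnames, addresses, mail host and API user are placeholders.
set -eu

# Write dnsconfig.js and creds.json into the directory given as $1.
write_dnscontrol_config() {
  dir="$1"
  mkdir -p "$dir"
  cat > "$dir/dnsconfig.js" <<'EOF'
// Registrar and DNS provider both resolve to the "namecheap" entry in creds.json.
var REG_NAMECHEAP = NewRegistrar("namecheap");
var DSP_NAMECHEAP = NewDnsProvider("namecheap");

D("bitcoiner.social", REG_NAMECHEAP, DnsProvider(DSP_NAMECHEAP),
  DefaultTTL(300),
  A("@",     "203.0.113.10"),
  AAAA("@",  "2001:db8::10"),
  A("relay", "203.0.113.20"),
  A("mail",  "203.0.113.30"),
  MX("@", 10, "mail.bitcoiner.social."),
  TXT("@", "v=spf1 mx -all"),
  // dnscontrol deletes records it does not know about. An ACME client doing
  // dns-01 creates this TXT record itself, so exclude it from that cleanup
  // (placeholder label; assumes the mail host validates via dns-01).
  IGNORE("_acme-challenge.mail", "TXT")
);
EOF
  # Values starting with "$" are read from the environment at run time, so the
  # API key never has to be committed next to the zone data.
  cat > "$dir/creds.json" <<'EOF'
{
  "namecheap": {
    "TYPE": "NAMECHEAP",
    "apiuser": "REPLACE_WITH_NAMECHEAP_API_USER",
    "apikey": "$NAMECHEAP_API_KEY"
  }
}
EOF
}

# "dnscontrol check" validates dnsconfig.js offline; preview and push need the
# credentials and network. Without dnscontrol installed, fall back to checking
# that the provider wiring is present so the function still works in CI.
check_dnscontrol_config() {
  dir="$1"
  if command -v dnscontrol >/dev/null 2>&1; then
    (cd "$dir" && dnscontrol check)
  else
    grep -q 'NewDnsProvider("namecheap")' "$dir/dnsconfig.js" &&
      grep -q '"TYPE": "NAMECHEAP"' "$dir/creds.json"
  fi
}

# Usage: sh dns.sh ./dns    then    (cd ./dns && dnscontrol preview && dnscontrol push)
if [ $# -gt 0 ]; then
  write_dnscontrol_config "$1"
  check_dnscontrol_config "$1"
fi
```

Namecheap's API has to be enabled on the account and the calling machine's IP whitelisted there before `dnscontrol preview` will work; `dnscontrol check` needs neither, which is why it is the step worth running on every commit.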

Web Proxy

Nginx is used in front of nostr relays because it gives the best performance and allows for complex configuration. Everywhere else Caddy is preferred for its configuration simplicity, which reduces the total cost of ownership. The two web proxies cannot co-exist on a server with a single public IP address: nginx (serving certbot's http-01 challenges and the relay) and Caddy (running its own ACME client and serving its sites) both need to listen on ports 80 and 443 of that address, and only one process can bind each port.

TLS

  • Certbot is used for nostr relay certificate renewal with http-01 validation because it is reliable and works in our nginx deployment.
  • lego (an ACME client) is used to renew mail server certificates with dns-01 validation because dns-01 does not require a web server listening on port 80.
  • Caddy is used to run web services and automate certificate renewal on most other servers because of its configuration simplicity and reasonable performance.

Our nginx configuration still enables TLS 1.2 alongside TLS 1.3 to support legacy clients. It should probably be dropped soon: TLS 1.3 has no finite-field DHE cipher suites, so with TLS 1.3 only there is no need to generate dhparams. Note that dhparams are only consumed by DHE suites in the first place; an ECDHE-only ssl_ciphers list does without them even while TLS 1.2 stays enabled.
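The Web Proxy and TLS sections above describe three certificate paths and one pending clean-up. The script below is an added example, not bitcoiner.social's own configuration, that puts them side by side: the nginx relay vhost with the http-01 webroot, in both the current TLS 1.2+1.3 form (with its dhparam line) and the TLS 1.3-only form, a lint that confirms the clean-up, the certbot and lego invocations, and the equivalent Caddyfile. Assumed placeholders: the hostnames relay/mail/www.bitcoiner.social, the webroot /var/www/acme, a relay listening on 127.0.0.1:7777, a Postfix/Dovecot mail server, and lego using Namecheap's DNS API for dns-01 (the page says only that lego uses dns-01).

```shell
#!/bin/sh
# Added example, not bitcoiner.social's own configuration. Placeholders:
# relay/mail/www.bitcoiner.social, webroot /var/www/acme, relay on 127.0.0.1:7777,
# Postfix/Dovecot on the mail host, lego driving Namecheap's DNS API for dns-01.
set -eu

# nginx vhost for a nostr relay, written to $1. Port 80 serves only the http-01
# challenge directory and redirects everything else; 443 proxies websockets.
# $2 picks the TLS policy: "legacy" keeps TLS 1.2 and therefore a dhparam file
# for its DHE suites; "modern" is TLS 1.3 only and needs no dhparams at all.
write_nginx_relay_conf() {
  out="$1"; policy="${2:-modern}"
  if [ "$policy" = legacy ]; then
    tls='ssl_protocols TLSv1.2 TLSv1.3; ssl_dhparam /etc/nginx/dhparam.pem;'
  else
    tls='ssl_protocols TLSv1.3;'
  fi
  cat > "$out" <<EOF
server {
    listen 80;
    server_name relay.bitcoiner.social;
    location ^~ /.well-known/acme-challenge/ { root /var/www/acme; }
    location / { return 301 https://\$host\$request_uri; }
}
server {
    listen 443 ssl;
    server_name relay.bitcoiner.social;
    ssl_certificate     /etc/letsencrypt/live/relay.bitcoiner.social/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/relay.bitcoiner.social/privkey.pem;
    $tls
    location / {
        proxy_pass http://127.0.0.1:7777;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
EOF
}

# Lint for the clean-up in the ADR: succeeds only when the vhost allows nothing
# below TLS 1.3 and no ssl_dhparam line has been left behind.
check_tls_policy() {
  ! grep -Eq 'TLSv1(\.[012])?[^.0-9]' "$1" && ! grep -q 'ssl_dhparam' "$1"
}

# Relay: first issuance with certbot over the webroot above. Certbot's own
# timer handles renewals; the deploy hook makes nginx load the new chain.
issue_relay_cert() {
  certbot certonly --webroot -w /var/www/acme -d relay.bitcoiner.social \
    --non-interactive --agree-tos -m postmaster@bitcoiner.social \
    --deploy-hook 'systemctl reload nginx'
}

# Mail: lego with dns-01, so the mail host needs no listener on port 80.
# Use "run" once for first issuance; "renew --days 30" is a no-op until then.
renew_mail_cert() {
  : "${NAMECHEAP_API_USER:?}" "${NAMECHEAP_API_KEY:?}"   # read by lego's namecheap provider
  lego --email postmaster@bitcoiner.social --dns namecheap \
    --domains mail.bitcoiner.social --path /etc/lego --accept-tos \
    renew --days 30 --renew-hook 'systemctl reload postfix dovecot'
}

# Everything else: Caddy issues and renews on its own, which is the whole config.
write_caddyfile() {
  cat > "$1" <<'EOF'
www.bitcoiner.social {
    reverse_proxy 127.0.0.1:8080
}
EOF
}

# After switching a server to the modern policy, a forced TLS 1.2 handshake must
# be refused. Returns 0 when it is, 1 when the server still accepts TLS 1.2.
# A connection error also counts as refused, so check reachability separately.
probe_tls12_refused() {
  if openssl s_client -connect "$1:443" -tls1_2 </dev/null >/dev/null 2>&1; then
    return 1
  fi
  return 0
}
```

The lint and the probe are the two checks worth keeping after the TLS 1.2 removal: `check_tls_policy` on the rendered config catches a dhparam line that survived the edit, and `probe_tls12_refused relay.bitcoiner.social` confirms the running server actually rejects the old version rather than merely not advertising it.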